OpenVPN Server Setup Script
This script automates the process of setting up an OpenVPN server on a VPS running Ubuntu/Debian. It handles the installation, certificate generation, and configuration of OpenVPN.
Prerequisites
- A VPS running Ubuntu/Debian
- Root access to the server
- OpenSSH access to the server
Installation
- Copy the
setup_openvpn.shscript to your server - Make the script executable:
chmod +x setup_openvpn.sh - Run the script as root:
sudo ./setup_openvpn.sh
What the Script Does
- Updates the system
- Installs OpenVPN and required packages
- Sets up the PKI (Public Key Infrastructure)
- Generates server certificates and keys
- Configures the OpenVPN server
- Sets up firewall rules
- Creates a client certificate generation script
Generating Client Certificates
After the server is set up, you can generate client certificates using the provided script:
sudo /etc/openvpn/server/generate-client.sh <client-name>
This will create a client configuration file in /etc/openvpn/client/<client-name>.ovpn
Connecting to the VPN
- Copy the generated
.ovpnfile from/etc/openvpn/client/to your local machine - Install OpenVPN client on your local machine
- Import the
.ovpnfile into your OpenVPN client - Connect to the VPN
Security Notes
- The script uses UDP port 1194 (default OpenVPN port)
- AES-256-CBC encryption is used
- The server uses Google DNS (8.8.8.8 and 8.8.4.4)
- The VPN subnet is set to 10.8.0.0/24
- The script enables IP forwarding and configures the firewall
Troubleshooting
If you encounter any issues:
- Check the OpenVPN server logs:
sudo journalctl -u openvpn@server - Verify the firewall rules:
sudo ufw status - Check if the OpenVPN service is running:
sudo systemctl status openvpn@server
Important Files
- Server configuration:
/etc/openvpn/server/server.conf - Client configurations:
/etc/openvpn/client/ - Server certificates:
/etc/openvpn/server/ - Client certificate generation script:
/etc/openvpn/server/generate-client.sh